Beware of the ROBOT vulnerability

12/12/2017 by in category Blue Cube News with 0 and 0
Home > News > Blue Cube News > Beware of the ROBOT vulnerability

Beware of the ROBOT vulnerability

 

The Vulnerability

 
ROBOT is the return of a 19-year-old vulnerability that allows performing RSA decryption and signing operations with the private key of a TLS server.

In 1998, Daniel Bleichenbacher discovered that the error messages given by SSL servers for errors in the PKCS #1 1.5 padding allowed an adaptive-chosen ciphertext attack; this attack fully breaks the confidentiality of TLS when used with RSA encryption.

We discovered that by using some slight variations this vulnerability can still be used against many HTTPS hosts in today’s Internet.

For more information please visit – https://robotattack.org/

Please call us if you require any advise about ROBOT – 0345 094 3070.

©2017 BLUE CUBE SECURITY LTD. ALL RIGHTS RESERVED.